Botnet 2023 2022
DATE |
NAME |
INFO |
CATEGORY |
SUBCATE |
|
18.12.25 |
Kimwolf Exposed: The Massive Android Botnet with 1.8 Million Infected Devices |
|||
| 6.12.25 | V3G4 Botnet | CRIL has uncovered an active V3G4 campaign using a Mirai-derived botnet alongside a fileless, runtime-configured cryptominer. | BOTNET | BOTNET |
| 4.12.25 |
Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets |
Welcome to the 23rd edition of Cloudflare’s Quarterly DDoS Threat Report. This report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the third quarter of 2025. | BOTNET | BOTNET |
| 29.11.25 | ShadowV2 | At the end of October, during a global disruption of AWS connections, FortiGuard Labs observed malware named “ShadowV2” spreading via IoT vulnerabilities. These incidents affected multiple countries worldwide and spanned seven different industries. | BOTNET | BOTNET |
| 21.11.25 | ShadowRay 2.0 | ShadowRay 2.0: Attackers Turn AI Against Itself in Global Campaign that Hijacks AI Into Self-Propagating Botnet | BOTNET | BOTNET |
| 21.11.25 | Tsundere | Blockchain and Node.js abused by Tsundere: an emerging botnet | BOTNET | BOTNET |
| 20.11.25 | AISURU | The Most Powerful Ever? Inside the 11.5Tbps-Scale Mega Botnet AISURU | BOTNET | BOTNET |
| 23.9.25 | ShadowV2 | ShadowV2: An emerging DDoS for hire botnet | BOTNET | BOTNET |
| 20.9.25 | SystemBC | The Black Lotus Labs team at Lumen Technologies has uncovered new infrastructure behind the “SystemBC” botnet, a network composed of over 80 C2s with a daily average of 1,500 victims, nearly 80% of which are compromised VPS systems from several large commercial providers. | BOTNET | BOTNET |
| 17.9.25 | LunoBotnet | LunoBotnet: A Self-Healing Linux Botnet with Modular DDoS and Cryptojacking Capabilities | BOTNET | CRYPTOCURRENCY |
| 2.9.25 | PolarEdge | Pondering my ORB - A look at PolarEdge Adjacent Infrastructure | BOTNET | IoT |
| 8.7.25 | RondoDox | RondoDox Unveiled: Breaking Down a New Botnet Threat | BOTNET | BOTNET |
| 21.6.25 | Prometei | Resurgence of the Prometei Botnet | BOTNET | BOTNET |
| 20.6.25 | AntiDot | is an Android botnet malware that lets cybercriminals control their victim devices with high capability. LARVA-398 operates and sells this botnet as a Malware as a Service (MaaS) on underground forums. | BOTNET | BOTNET |
| 1.6.25 | PumaBot | PumaBot: Novel Botnet Targeting IoT Surveillance Devices | BOTNET | BOTNET |
| 28.5.25 | PumaBot | PumaBot: Novel Botnet Targeting IoT Surveillance Devices | BOTNET | BOTNET |
| 16.5.24 | HTTPBot | High Risk Warning for Windows Ecosystem: New Botnet Family HTTPBot is Expanding | BOTNET | BOTNET |
| 23.4.25 | RustoBot | New Rust Botnet "RustoBot" is Routed via Routers | BOTNET | Bot |
| 10.4.25 | AkiraBot | AkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale | BOTNET | AI |
|
19.3.25 |
BADBOX 2.0 | Satori Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes | BOTNET | BOTNET |
| 11.3.25 | Ballista Botnet | Cato CTRL™ Threat Research: Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer Routers | BOTNET | BOTNET |
| 3.3.25 | Vo1d Botnet | Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally | BOTNET | BOTNET |
| 27.2.25 | PolarEdge | PolarEdge: Unveiling an uncovered ORB network | BOTNET | BOTNET |
|
10.1.25 | Gayfemboy | Gayfemboy: A Botnet Deliver Through a Four-Faith Industrial Router 0-day Exploit. | BOTNET | Botnet |
| 16.12.24 | BADBOX | BADBOX Botnet Is Back | BOTNET | BOTNET |
| 09.12.24 | Socks5Systemz | PROXY.AM Powered by Socks5Systemz Botnet | BOTNET | BOTNET |
|
27.11.24 |
Matrix Unleashes A New Widespread DDoS Campaign |
BOTNET |
||
|
19.11.24 |
One Sock Fits All: The use and abuse of the NSOCKS botnet |
BOTNET |
||
|
08.11.24 |
Mozi Resurfaces as Androxgh0st Botnet: Unraveling The Latest Exploitation Wave |
BOTNET |
||
15.8.24 | Gafgyt | Gafgyt Malware Variant Exploits GPU Power and Cloud Native Environments | BOTNET | BOTNET |
5.7.24 | Zergeca | New Threat: A Deep Dive Into the Zergeca Botnet | BOTNET | BOTNET |
28.5.24 | CatDDoS Botnet | XLab's CTIA(Cyber Threat Insight Analysis) System continuously tracks and monitors the active mainstream DDoS botnets. | BOTNET | BOTNET |
16.5.24 | Ebury | Ebury botnet alive & growing; 400k Linux servers compromised for cryptocurrency theft and financial gain | BOTNET | Cryptocurrency |
3.5.24 |
New “Goldoon” Botnet Targeting D-Link Devices | BOTNET |
||
| 14.3.24 | Botnet Fenix | Botnet Fenix: New botnet going after tax payers in Mexico and Chile | BOTNET | BOTNET |
| 17.2.24 | Glupteba | Diving Into Glupteba's UEFI Bootkit | BOTNET | BOTNET |
8.2.24 | KV-Botnet: Don’t Call It A Comeback | BOTNET | ||
2.2.24 | Frog4Shell | Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal | BOTNET | Botnet |
| 1.2.24 | Telekopye | Telekopye: Hunting Mammoths using Telegram bot | Botnet | Bot |
29.11.23 |
Ddostf | Ddostf: MySQL Servers Turned DDoS Battlegrounds | BOTNET | BOTNET |
29.11.23 |
GoTitan Botnet | GoTitan Botnet - Ongoing Exploitation on Apache ActiveMQ | BOTNET | BOTNET |
24.11.23 |
Mirai | InfectedSlurs Botnet Spreads Mirai via Zero-Days | BOTNET | BOTNET |
24.11.23 |
JenX | JenX botnet, a new IoT botnet, has begun recruiting IoT devices. The JenX botnet is being marketed over the Internet and offers up to 300Gbps attacks for as little as $20. | BOTNET | IoT |
22.2.23 |
Mylobot | Mylobot is a malware that targets Windows systems, it first appeared in 2017 and until now hasn’t received much attention over the years. | Botnet | Botnet |
16.6.22 |
Akamai security researchers discovered Panchan, a new peer-to-peer botnet and SSH worm that emerged in March 2022 and has been actively breaching Linux servers since. |
BotNet |
||
3.6.22 |
In July 2021, CPR released a series of three publications covering different aspects of how the Formbook and XLoader malware families function. |
BotNet |
||
18.5.22 |
New Sysrv Botnet Variant Hijacking Home windows and Linux with Crypto Miners |
BotNet |
||
| 27.4.22 | Pink | On November 21, 2019, we got an interesting new botnet sample from the security community, the sample contained a large number of function names starting with “pink”, and we named it pink botnet. | Botnet | Botnet |
| 27.4.22 | Abcbot | A New Evolving Wormable Botnet Malware Targeting Linux | Botnet | Malware |
23.4.22 |
LemonDuck, a well-known cryptomining botnet, is targeting Docker to mine cryptocurrency on Linux systems. This campaign is currently active. |
Cryptocurrency |
||
16.4.22 |
BotNet |
|||
16.4.22 |
BotNet |
|||
10.4.22 |
BotNet |
|||
9.4.22 |
BotNet |
|||
28.3.22 |
Exploit/Vulnerebility |
|||
17.2.24 | Diving Into Glupteba's UEFI Bootkit | BOTNET | ||
8.2.24 | KV-Botnet: Don’t Call It A Comeback | BOTNET | ||
2.2.24 | Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal |
Botnet | ||
1.2.24 | Telekopye: Hunting Mammoths using Telegram bot | Bot | ||